Patch "power: supply: max17040: fix null-ptr-deref in max17040_probe()" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 14 Nov 2021 22:41:48 -0500

This is a note to let you know that I've just added the patch titled

    power: supply: max17040: fix null-ptr-deref in max17040_probe()

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     power-supply-max17040-fix-null-ptr-deref-in-max17040.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit b7aaebfa23ada7d7045a42fbca8fbddf8070c1d5
Author: Yang Yingliang <yangyingliang@xxxxxxxxxx>
Date:   Fri Oct 8 14:31:50 2021 +0800

    power: supply: max17040: fix null-ptr-deref in max17040_probe()
    
    [ Upstream commit 1d422ecfc48ee683ae1ccc9217764f6310c0ffce ]
    
    Add check the return value of devm_regmap_init_i2c(), otherwise
    later access may cause null-ptr-deref as follows:
    
    KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
    RIP: 0010:regmap_read+0x33/0x170
    Call Trace:
      max17040_probe+0x61b/0xff0 [max17040_battery]
     ? write_comp_data+0x2a/0x90
     ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
     ? tracer_hardirqs_on+0x33/0x520
     ? __sanitizer_cov_trace_pc+0x1d/0x50
     ? _raw_spin_unlock_irqrestore+0x4b/0x60
     ? trace_hardirqs_on+0x63/0x2d0
     ? write_comp_data+0x2a/0x90
     ? __sanitizer_cov_trace_pc+0x1d/0x50
     ? max17040_set_property+0x1d0/0x1d0 [max17040_battery]
     i2c_device_probe+0xa31/0xbe0
    
    Fixes: 6455a8a84bdf ("power: supply: max17040: Use regmap i2c")
    Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
    Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
    Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx>
    Signed-off-by: Sebastian Reichel <sebastian.reichel@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/power/supply/max17040_battery.c b/drivers/power/supply/max17040_battery.c
index d956c67d51558..b6b29ec3d93ec 100644
--- a/drivers/power/supply/max17040_battery.c
+++ b/drivers/power/supply/max17040_battery.c
@@ -482,6 +482,8 @@ static int max17040_probe(struct i2c_client *client,
 	chip->client = client;
 	chip->regmap = devm_regmap_init_i2c(client, &max17040_regmap);
 	chip->pdata = client->dev.platform_data;
+	if (IS_ERR(chip->regmap))
+		return PTR_ERR(chip->regmap);
 	chip_id = (enum chip_id) id->driver_data;
 	if (client->dev.of_node) {
 		ret = max17040_get_of_data(chip);






